Skip to content

Improve loading large replays. Fix Docker image build. #51

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
SteamNimmersatt wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Improve loading large replays. Fix Docker image build. #51

SteamNimmersatt wants to merge 4 commits into from
+70 −7

Conversation

@SteamNimmersatt
Copy link

@SteamNimmersatt SteamNimmersatt commented Jan 16, 2026
edited
Loading

  • Improve loading of large replays by using chunk loading
  • Fix Docker image build and startup

@SteamNimmersatt SteamNimmersatt changed the title Fix build of docker image Fix loading large replays. Fix Docker image build. Jan 17, 2026
@SteamNimmersatt SteamNimmersatt changed the title Fix loading large replays. Fix Docker image build. Improve loading large replays. Fix Docker image build. Jan 17, 2026
@fank fank self-requested a review January 17, 2026 23:18
@fank
Copy link
Member

fank commented Jan 19, 2026

Code Review

Issues Found

1. Security Risk: Disabled Server Timeouts (cmd/main.go:44-47)

e.Server.ReadTimeout = 0  // No read timeout for large files
e.Server.WriteTimeout = 0 // No write timeout for large files

Setting timeouts to 0 disables them entirely, making the server vulnerable to:

  • Slowloris attacks - malicious clients can hold connections open indefinitely
  • Resource exhaustion - slow clients can exhaust server file descriptors

Recommendation: Use generous but finite timeouts (e.g., 30+ minutes) rather than disabling them:

e.Server.ReadTimeout = 30 * time.Minute
e.Server.WriteTimeout = 30 * time.Minute

2. Bug: Duplicate Content-Length Header (server/handler.go)

Content-Length is set twice:

  • In GetCapture(): c.Response().Header().Set("Content-Length", ...)
  • In streamFile(): c.Response().Header().Set("Content-Length", ...)

The second call is redundant and should be removed from streamFile().

3. Variable Shadowing (server/handler.go:339)

func (h *Handler) streamFile(c echo.Context, filepath string) error {

The parameter filepath shadows the imported path/filepath package. Rename to filePath or path.

4. Missing 404 Error Handling (server/handler.go:230-233)

fileInfo, statErr := os.Stat(upath)
if statErr != nil {
    return statErr  // Returns raw OS error, not HTTP 404
}

Should return a proper 404:

if os.IsNotExist(statErr) {
    return echo.ErrNotFound
}
return statErr

5. Aggressive Cache Headers (low priority)

c.Response().Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")

This forces redownload every time. For large replay files, you might want to allow some caching. Not critical, just something to consider.

The core streaming improvement is valuable for handling large replays, but the disabled timeouts are a security concern that should be addressed before merging.

@fank
Copy link
Member

fank commented Jan 19, 2026

Suggestion: Consider splitting this PR into two separate PRs:

  1. Docker image fixes - The Dockerfile changes (Alpine → Debian, ca-certificates)
  2. Large replay loading improvements - The streaming changes and timeout adjustments

This would make it easier to review and merge the Docker fixes independently, and allows more focused discussion on the streaming/timeout changes.

@fank
Copy link
Member

fank commented Jan 19, 2026

I fixed the docker build issues, also added PR checks to ensure stability before merging a PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fank fank Awaiting requested review from fank

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SteamNimmersatt @fank